Freeradius How to integrate Active Directory [AD Integration WindowsXP NTLM Tutorial]

Robin Mordasiewicz rmordasiewicz at samuelmanutech.com
Wed Nov 23 00:37:14 CET 2005


On Tue, 22 Nov 2005, charles schwartz wrote:

> Hi list,
>
> A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
>
> There are at least 2 ways to integrate AD: LDAP and NTLM.
> I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.
>
> You can download it from here:
> http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf
>

Thanks for this. I changed to use /dev/random as per your tutorial, but
radiusd hangs. When I change the random_file back to the original, then it
works:

random_file = ${raddbdir}/certs/random


In my tls section of eap.conf I have

                tls {
                        private_key_password = whatever
                        private_key_file = ${raddbdir}/certs/cert-srv.pem
                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                        dh_file = ${raddbdir}/certs/dh
                        random_file = /dev/random
                    }

But when I run radiusd -X it just hangs there after getting to the
following.


rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
 tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
 tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/freeradius/certs/dh"
 tls: random_file = "/dev/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"

And strace shows

13519 open("/etc/freeradius/certs/demoCA/cacert.pem", O_RDONLY|O_LARGEFILE) = 6
13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=1350, ...}) = 0
13519 open("/etc/freeradius/certs/cert-srv.pem", O_RDONLY|O_LARGEFILE) = 6
13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=2429, ...}) = 0
13519 open("/etc/freeradius/certs/cert-srv.pem", O_RDONLY|O_LARGEFILE) = 6
13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=2429, ...}) = 0
13519 stat64("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
13519 open("/dev/random", O_RDONLY)     = 6


[root@smtcorms02 /usr/lib/ssl ]# ls -la /dev/random
crw-rw-rw-  1 root root 1, 8 Nov  2 12:02 /dev/random
[root@smtcorms02 /usr/lib/ssl ]# ls -la /dev/urandom
cr--r--r--  1 root root 1, 9 Nov  2 12:02 /dev/urandom
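
The strace output above stops right after /dev/random is opened. One way to check whether reads from a candidate random_file path stall on a given host, as an added example that is not part of the original message or of FreeRADIUS (the function names, the 1024-byte request and the 3-second deadline are assumptions chosen for illustration):

```python
import os
import select
import sys
import time


def probe_fd(fd, want, timeout):
    """Try to read `want` bytes from fd within `timeout` seconds.

    Returns (bytes_read, stalled). stalled is True when the deadline
    passed before `want` bytes arrived, which is the point at which a
    blocking reader (such as a daemon loading its seed file) would
    still be waiting.
    """
    os.set_blocking(fd, False)
    deadline = time.monotonic() + timeout
    got = 0
    while got < want:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return got, True
        ready, _, _ = select.select([fd], [], [], remaining)
        if not ready:
            return got, True
        try:
            chunk = os.read(fd, want - got)
        except BlockingIOError:
            continue
        if not chunk:  # EOF: a regular file shorter than `want`
            return got, False
        got += len(chunk)
    return got, False


def probe_path(path, want=1024, timeout=3.0):
    """Open `path` non-blocking and probe it (defaults are assumptions)."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        return probe_fd(fd, want, timeout)
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Paths to test; defaults are the two devices listed in the message.
    for p in sys.argv[1:] or ["/dev/random", "/dev/urandom"]:
        n, stalled = probe_path(p)
        print(f"{p}: {n} bytes read, {'STALLED' if stalled else 'ok'}")
```

A STALLED result for a path means a blocking read of that size from it would not have returned within the deadline on this host.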



